Cyber Resilience

CVE-2025-43264

High

Published: 02 April 2026

Published
02 April 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0040 31.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-43264 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Apple Macos. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 31.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-43264 is a memory corruption vulnerability (CWE-119) addressed through improved memory handling in macOS. It affects macOS versions prior to Sequoia 15.6, where processing a maliciously crafted image can lead to process memory corruption. The vulnerability was published on 2026-04-02 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Attackers can exploit this vulnerability remotely over the network with low attack complexity and no required privileges, though user interaction is necessary, such as opening or viewing the malicious image file. Successful exploitation enables high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service through process disruption.

Apple's security advisory confirms the issue is fixed in macOS Sequoia 15.6. Security practitioners should ensure systems are updated to this version or later, and advise users to avoid processing untrusted images. Additional details are available at https://support.apple.com/en-us/124149.

EU & UK References

Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Memory corruption in image processing with remote vector and required user interaction (opening/viewing crafted file) directly enables client-side exploitation and malicious file execution leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-39870Same product: Apple Macos
CVE-2025-30437Same product: Apple Macos
CVE-2025-43253Same product: Apple Macos
CVE-2025-43219Same product: Apple Macos
CVE-2025-24135Same product: Apple Macos
CVE-2025-24109Same product: Apple Macos
CVE-2026-28990Same product: Apple Macos
CVE-2026-28941Same product: Apple Macos
CVE-2025-24263Same product: Apple Macos
CVE-2025-30424Same product: Apple Macos

Affected Assets

apple
macos
≤ 15.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-16 directly mitigates memory corruption vulnerabilities like CVE-2025-43264 by enforcing memory protection mechanisms such as non-executable memory and bounds checking during image processing.

prevent

SI-10 prevents exploitation by validating malformed image inputs that could trigger memory corruption in the image processing component.

prevent

SI-2 ensures timely application of vendor patches, such as macOS Sequoia 15.6, to remediate the specific memory handling flaw in CVE-2025-43264.

References